WindowsOS Type 3 source to code 3 blocked by firewall [RESOLVED]

I did not take down a screen shot when I had the chance, but originally the prompt was in red. It said that the Windows OS wanted to access something (some apparent destination). The suggestion told me it could do something with a VPN but if I was not familiar with this request I should block it.

Now there has been 22 blocked events so far, all starting because I blocked the initial prompt.
There was a keyterm: pseudo… if that helps.

I would like to know what this code/source 3 is and what causes it. I attached a screenshot for reference.
Thanks.

[attachment deleted by admin]

ICMP Code 3 Type 3 denotes Network Unreachable (Code 3) - Port unreachable (Type 3).

The IP address 208.67.220.220 is the address for the Open DNS servers.

Are you using Open DNS for your DNS servers?

Ewen :slight_smile:

Thanks Ewen!

Yes, I am using OpenDNS. I suspected it had something to do with that but I had no clue what was going on.

I have another question, but it would not be on this topic.
I have been suggested before that the Stealth Ports Wizards is beneficial. However, the last time I enabled it by default I have been receiving tons of intrusion blocks, why is that?

When you are on a LAN with other computers you will see all the traffic that is going on and gets blocked. I think most of the blocks you see will in the LAN range you are on: 192.168.1.x.

One of my housemates has a mediacenter thing hooked up and it broadcasts every 5s. That kinda fills up the logs here. Blocks of LAN traffic are nothing to worry about.

Thanks EricJH. I do not think it matters with the logs even though I’m the only computer user in the house, correct?

What are your thoughts if I said that my computer failed the “ShieldsUp!” test even with Stealth Ports on? Any other variables?

Thanks. :-TU

When you run SheldsUp, the GRC site sends out a series of requests looking for responses. If your PC is behind a router, the router is the device that sends the response back to ShieldsUp, not your PC. This can be verieifed by checking the IP address that ShieldsUp reports it is testing. You’ll find that the tested IP address is the public IP address of your router, not the private (192.168.1.X) address of your PC.

Ewen :slight_smile:

Then it is only router traffic when it concerns inbound traffic.

What are your thoughts if I said that my computer failed the "ShieldsUp!" test even with Stealth Ports on? Any other variables?

Thanks. :-TU

With GRC you probe your router as Panic explained. That is in between the web and you.

Ah, I remember now; router responds, not my PC.

I remember that my router failed the ICMP Echo (ping) test; does this have to do with the settings in my router, not my firewall?

kail, actually was helping me with this issue before… but that was a year ago. We never came to a resolution because communication was cut off. I recall him speaking about some DMZ function (that should be the function where all traffic can go through unrestricted, but its not exactly “safe”). Any suggestions, or am I going off topic beyond Comodo support? ><

Thanks, I appreciate your patience and time. ???

Was this done from a test web site like GRC? Then again your router responded and CIS.

kail, actually was helping me with this issue before... but that was a year ago. We never came to a resolution because communication was cut off. I recall him speaking about some DMZ function (that should be the function where all traffic can go through unrestricted, but its not exactly "safe"). Any suggestions, or am I going off topic beyond Comodo support? ><

Thanks, I appreciate your patience and time. ???

Without reading that topic I think kail may have suggested to put your computer in DMZ (demilitarized zone) so you can actually test the firewall. With DMZ you connect a computer directly to the web passing by the router. That is the only way to test the firewall om your computer when using a testing web site like GRC.

Yes, it was GRC Shield’s Up.

Thanks for the suggestion EricJH, I think this was exactly what kail wanted me to do. DMZ with Stealth Ports on to test the firewall; never did and don’t plan to any time soon (no time XD).

Thanks guys.
Original issue resolved.

This is related to the original inquiry… I have restarted my modem and computer but I continue to get “Intrusions” (186+) at the moment. All of them related to Code/Type 3.

How do I resolve this? Such as undoing what I did?

Your first post mentions having had an alert mentioning pseudo… something. Can you go to the Firewall Application Rules (Firewall → Network Security Policy) and see if there is a rule for Window Operating System. You probably blocked something there. Easiest thing is to delete the rule and see what happens and let us know about it preferably with screenshots.

I am pretty sure I did not click “Remember my Answer”; so that’s the weird thing. The intrusions continue to add up.

I took a look at the options and there was nothing related to the Windows OS as a rule (I clicked the block request option once during the prompt).

Attached a screenshot.
Thanks!

[attachment deleted by admin]

If you’re using a p2p application such as a torrent client, these entries are quite common, they may also be a side effect of using your vpn.

The easiest way to deal with these is to create an application rule for Windows Operating System and block without logging, ICMP type 3 code 3 messages.

I think the rule for svchost.exe may be causing some problems here. Try changing it to Outgoing Only for the moment and see if that helps or not.

It is fine now. I restarted my computer and modem again and it worked out fine. Thank you!